Description
defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
Remediation
References
https://hackerone.com/reports/310514
https://github.com/jonschlinkert/defaults-deep/commit/c873f341327ad885ff4d0f23b3d3bca31b0343e5
Related Vulnerabilities
CVE-2020-8178 Vulnerability in npm package jison
CVE-2021-26814 Vulnerability in npm package wazuh
CVE-2020-28452 Vulnerability in maven package com.softwaremill.akka-http-session:core_2.13
CVE-2020-17479 Vulnerability in npm package jpv
CVE-2022-36099 Vulnerability in maven package org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki